4 tips for securing voter data
- By Andrew Hay
- Sep 14, 2016
From the hack of the Democratic National Committee in June to recent criticism about data collected by candidates’ campaign apps, it can feel like data security is the frontrunner in this year’s U.S. presidential election.
Whether government agencies are more prone to data breaches than private companies or whether the public is more likely to hear about security incidents affecting a state or federal organization, IT staff are responsible for containing such incidents and protecting the sensitive data involved. To meet this challenge, government IT staff can improve security for their agencies and their constituents -- and help avoid being the next cautionary tale making front page news -- by following these four tips.
1. Don’t collect data in the dark. During election seasons and off years alike, political campaigns and party staffers collect quite a bit of data from their potential voters. Not all of this information is necessarily sensitive on its own, but campaigns, also store their constituents’ and potential supporters’ contact information, voter registration history, financial data from previous donations and more. If this personally identifiable information is informed with contextual clues, such as responses to a survey about stances on political issues or household income, it creates a comprehensive snapshot of that individual and becomes highly sensitive.
Treat all data relating to voters and individuals carefully, and frequently audit stored information to ensure such data remains protected. Doing so can prevent attackers from uncovering connections between datasets and, in turn, protect the agency and the citizens it serves.
2. Monitor third-party sensitive data access. Some of the most high-profile data security incidents, such as Target’s $39 million data breach, resulted from a third-party compromising an organization’s internal data. As political organizations amass databases of voter information, they often use software-as-a-service and open source data aggregation solutions that can pose the same risk as a contractor or vendor with temporary access to an internal server. Rather than leaving voter security in the hands of third-party services, government IT staffers must be sure they’re restricting access to highly sensitive information -- including contextual clues about voter profiles.
3. Establish (and follow) data disposal protocols. Voters know the data they share with government organizations doesn’t disappear after an election season ends. However, as an IT pro supporting a government agency, it’s critical to establish, communicate and follow safe data storage, transfer and disposal procedures to reduce ongoing risks of exposure. If left unmanaged, sensitive information can be misplaced among the hordes of dark, or unorganized, data that accumulates in any organization.
4. As a voter, act on your concerns. While government IT workers have a critical role in protecting sensitive data in their organizations, as registered voters, they can support increased data security in state and federal agencies. Voters can avoid sharing certain personal details with political campaigns if they feel it’s irrelevant or risky, and constituents can write to their representatives to inquire how their data is being collected, managed and used. By expressing a personal interest in how sensitive data being handled and eventually destroyed, every citizen can help pave the way for higher data security standards in government.
Andrew Hay is chief information security officer at DataGravity.